multi-subcarrier physical layer authentication using
TRANSCRIPT
Multi-subcarrier Physical Layer Authentication Using Channel StateInformation and Deep Learning
Ken St. Germain, Frank KraghDepartment of Electrical and Computer Engineering
Naval Postgraduate School{ kenneth.stgermain, fekragh}@nps.edu
Abstract
Strong authentication is crucial as wirelessnetworks become more widespread and relied upon.The robust physical layer features produced byadvanced communication networks lend themselvesto accomplishing physical layer authentication byusing channel state information (CSI). The use ofdeep learning with neural networks is well suitedfor classification tasks and can further the goal ofenhancing physical layer security. To that end, wepropose a semi-supervised generative adversarialnetwork to differentiate between legitimate andmalicious transmitters and accurately identify devicesfor authentication across a range of signal to noiseratio conditions. Our system leverages multiple inputmultiple output CSI across orthogonal frequencydivision multiplexing subcarriers using a smallpercentage of labeled training data.
1. Introduction
Efficient and effective security measures arerequired to ensure modern and future communicationsystems perform to their full potential. Securityis commonly and successfully accomplished usingkey-based cryptography, however as networks growand become more complex, key distribution andmanagement may not scale without causing undue userdelays [1, 2]. The latest iterations of IEEE 802.11WiFi standards and 5th generation New Radio (5G-NR)mobile networks leverage several techniques at thephysical layer to provide high data rate communicationsto multiple users [3]. The features created by thesetechniques create opportunities for the employment ofphysical layer security.
Physical layer security is accomplished at the bottomof the Open Systems Interconnection (OSI) stack.Thus, when an illegitimate device attempts to create asecure connection, the expenditure of undue resourcesis reduced in the higher layers. This is especially
important for devices that are computationally or energyconstrained, such as those in the Internet of Things (IoT)realm [4].
In this work, we explore physical layerauthentication and deep learning to ensure strongauthentication on a variety of devices with disparateapplications. The goal in this paper is to preventillegitimate devices from authenticating and thencorrectly identify legitimate devices based on featuresobserved at the physical layer. These features arerealized in a particular environment based on thesystem characteristics, such as carrier frequencies,using multiple transmitter and receiver antennas, andthe use of multiple subcarriers through such methods asorthogonal frequency-division multiplexing (OFDM).Although no approach can guarantee prevention ofan intruder authenticating, using the uniqueness ofCSI for physical layer authentication can improvethe overall security of a network. Devices that useno authentication strategy at all offer an attractivevulnerability for an adversary.
In this paper we use a generative adversarial network(GAN) to determine which of several transmittersshould be authenticated or denied access. Specifically,we employ a GAN model with semi-supervised learningknown as a semi-supervised GAN (SGAN) [5] whereonly a small portion of the training dataset is labeled.
The literature proposes two broad categories todistinguish legitimate from illegitimate devices at thephysical layer without the use of a pre-shared secret,cryptography, user-provided credentials, or higherOSI-layer processing. The first category relies on uniqueimperfections of the transmitter hardware that manifestas radio frequency (RF) fingerprints or signatures [6].Based on manufacturing processes and designs, thetransmitted signal will be uniquely distorted from deviceto device, even if only slightly. The second categoryleverages the stochastic nature of the wireless channel totake advantage of multi-path fading environments. Thetemporally and spatially-unique impulse or frequencyresponse can be used to identify the transmitter [7].
Proceedings of the 54th Hawaii International Conference on System Sciences | 2021
Page 7036URI: https://hdl.handle.net/10125/71467978-0-9981331-4-0(CC BY-NC-ND 4.0)
Our proposed method is based on research using thesecond category. The effects of the multipath channelcan be described in the channel state information (CSI)matrix. The elements of the CSI matrix are attributesof the fading channel and are therefore unique tothe pairwise position of the receiver and transmitterin line-of-sight (LOS) and non-line-of-sight (NLOS)multipath environments. While there is merit in usingthe RF fingerprinting method in the first category, thesecharacteristics are observable by a malicious actor andcan be spoofed. Contrast with using the channel-basedapproach, an adversary cannot directly measure theCSI between two entities and create a transmission tomimic a legitimate signal. In dynamic conditions with amobile transmitter, receiver, and/or significant reflectiveor absorbing objects, the CSI is also time-variant. Thefocus of this paper is on the static case, and using atechnique as described by [8] can be adopted to accountfor scenarios where motion is expected to change theCSI. We use the static channel here to explore the use ofboth the magnitude and phase of the CSI.
To simulate multiple-input multiple-output (MIMO)millimeter wave OFDM subchannels, we take advantageof the DeepMIMO dataset [9], based on ray-tracingdata from the Remcom Insite tool [10]. TheDeepMIMO dataset is configurable to a variety ofwireless applications, and we use it to create samplesthat train and test the SGAN in a 4× 4 MIMOenvironment operating with a 60 GHz carrier frequencywith 16 pilot subcarriers from a 512 OFDM subcarriersystem in an urban setting. Although the Deep MIMOdataset scenario is based on an urban environment, morefully appropriate use-cases for static channels mightinclude an uninhabitable industrial setting, or a in aremote, deployed sensor network.
In this paper, we use a SGAN to identify malicioususers who attempt to spoof the CSI of legitimate usersand prevent them from authenticating. We also identifylegitimate users and correctly categorize them. Thecontributions of this paper are:
• We introduce analysis illustrating how thereceived CSI matrix elements and measurementerror over multiple subcarriers can be used forphysical layer authentication.
• We propose a discriminative model that processesboth legitimate samples from a trusted sourceand faked samples created by the generativemodel to determine whether a transmitter shouldbe authenticated using complex-valued CSIelements.
• We propose four classifier neural network modelsthat determine the identity of a transmitter based
on associated CSI matrix samples at various levelsof signal to noise ratio (SNR)
• In Section 6, we use a SGAN architectureto accurately classify MIMO CSI as a basisof physical layer authentication for multipletransmitters. We use small amounts oflabeled training data to perform physical layerauthentication. By not relying on a fully labeleddataset, we benefit by using a method to reduceauthentication overhead.
• Distinguishing from previous research, ourproposal takes advantage of the SGAN-traineddiscriminator’s performance across different SNRlevels to prevent illegitimate transmitters fromauthenticating while minimizing the number ofrequired labeled samples. The SGAN-trainedclassifier then accurately identifies samples fromlegitimate transmitters.
This paper discusses the channel model and previouswork in the application of machine learning withinthe RF domain in Section 2. Next we present thedevelopment of the SGAN in Section 3. Section 4describes the DeepMIMO dataset and how we use it tocreate CSI samples. The system model for the SGAN isillustrated in Section 5, and simulation results are shownin Section 6. Finally, we summarize our observationsand discuss future work in Section 7. With respectto notation, unless otherwise addressed, vectors areindicated with bold lower-case letters, and matrices withbold upper-case letters.
2. Background and related research
This section introduces the channel model, the useof GANs for RF tasks, the model for measured CSI, andthe architecture of a semi-supervised GAN.
2.1. Channel Model
By taking advantage of the randomness anduniqueness inherent in the RF communication channel,physical layer information provided by the channel canbe used to conduct authentication [11]. The natureof the wireless medium affects the transmitted signalas it propagates to the receiver. The single subcarriernarrowband model of the wireless channel is given by
y = Hx + n (1)
where y is the received signal, x is the transmitted signal,H is the time-varying CSI or channel response, and n isthe noise vector. For a Rayleigh faded channel, H is an
Page 7037
N ×M matrix of circularly symmetric complex-valuedGaussian random variables. The number of transmitterantennas is M and the number of receiver antennasis N . Each complex element within H, hn,m, iscomposed of real and imaginary zero-mean independentGaussian random variables with identical variance [12].Jakes’ uniform scattering model [13] states that antennasspatially separated more than two carrier wavelengthsfrom each other will observe sufficiently independentfading channels due to rapid decorrelation of the signalenvelope among receivers.
Although the CSI elements may be independentfor a single subcarrier, that does not necessarily holdtrue when there are multiple subcarriers, such as in anOFDM system. For K subcarriers, we extend (1) byadding an additional dimension as a superscript wherek = 1, 2, . . . ,K is the sampled subcarrier, resulting in
yk = Hkxk + nk (2)
where Hk is a three-dimensional tensor of sizeN ×M ×K. Fading across the subcarrier channelswill be correlated if the coherence bandwidth islarge [14], resulting in correlated CSI elements acrosssubchannels, for example, hk1,1. To illustrate this, Fig. 1
depicts the magnitude of hk1,1 over 512 subcarriers in anOFDM system with 16 pilot subcarriers with correlatedfading. There is correlation between adjacent OFDMchannels, but not across the entire band of subcarriers oradjacent pilots channels.
2.2. Authentication with measured CSI
A receiver continues to authenticate a transmitter ifthe received CSI varies less than a threshold appliedto the received CSI from previous transmissions. Thisrequires some method of initial authentication, suchas the use of cryptographic methods or physical layer
Figure 1. CSI element magnitude vs. subcarrier.
authentication using RF fingerprinting from transmitterimperfections. During initial authentication, the receivermakes CSI measurements of the channel and stores thatinformation for future authentication.
During channel measurement, even in a stablestatic environment, the receiver imparts noise to thereceived signal, resulting in variation to the measuredCSI elements. This error, ε, is modeled as anadditive complex zero-mean Gaussian process on eachsubcarrier, CN (0,Σε), where the covariance of thesample mean is Σε = Σε/s for s samples during themeasurement. Therefore, the tth CSI measured by the
receiver at subcarrier k, Hk
t , is given as
Hk
t = Hk + εkt t = 1, 2, . . . , s (3)
where Hk is the true CSI from (2) and εkt is a complexN ×M ×K tensor with independent identicallydistributed elements. Since εkt is zero-mean, Hk, canbe estimated with a variety of techniques includingleast squares estimation, minimum mean-square errorestimation, and through successive measurements and
element-wise averaging of Hk
t for t = {1, 2, . . . , s} asdemonstrated in [15].
2.3. Machine learning applied to the RFDomain
Since the received CSI relies on the position of thetransmitter, the receiver, and reflecting and absorbingmaterials in the environment, researchers have usedmachine learning to successfully resolve localizationchallenges. By collecting and recording CSI and knowntransmitter locations in advance, machine learningprovided accurate a posteriori transmitter positions [16,17, 18]. The use of machine learning and locationinformation has been used to make an authenticationdecision using CSI [19, 20, 21]. In [21], Pan et al.showed that authentication performance was better inscenarios with stationary systems, abundant multi-patheffects, and separation of transmitter antennas by morethan one-half wavelength.
Introduced by Goodfellow et al. [22], theGAN framework trains two artificial neural networkmodels called the discriminator and the generator asthey compete against each other in an adversarialcompetition. Although used extensively in imageprocessing fields, GANs have been shown useful forinvestigations in the RF field as well.
O’Shea et al. [23] used a GAN to determinethe optimal modulation scheme in a given channel,showing how GANs can allow for adaptation to the RF
Page 7038
environment. Based on earlier work by O’Shea et al.for radio modulation classification [24], Li et al. [25]employed a SGAN to classify 11 different modulationtypes and improve the classification performance over aconvolutional neural network model. In an adversarialsituation such as jamming and spoofing, Roy [26]proposed the use of GANs for building a robustsystem that can determine legitimate transmitters fromillegitimate ones based on the imbalance of in-phase andquadrature components of a symbol constellation.
Our contribution to this area is the application ofan SGAN to the complex-valued CSI elements forclassification. Whereas previous works that researchphysical layer authentication with CSI use a channelgain coefficient matrix or use a method that normalizesthe channel response, we retain the real and imaginaryparts of the CSI elements in an effort to retain as muchinformation as possible from the channel. We alsoexamine the performance of the SGAN and additionalneural networks across a range of SNR.
3. Semi-Supervised GAN
Semi-supervised learning for neural networksrequires that only a portion of the training data belabeled. As opposed to supervised learning where allthe training data is labeled or unsupervised learningwhere there are no labels and the networks must findtheir own way to organize the data, semi-supervisedalgorithms attempt to correctly identify samples whenonly a small portion of the training data is labeled.This can be very helpful when the dataset is large andit would be laborious and time-intensive for an expertto correctly label every sample manually. In our case,the labeled data comes from the CSI samples recordedduring the initial authentication session. If more data isrequired, the overhead will increase.
When training a vanilla GAN in an unsupervisedlearning architecture, the discriminative model, D, isa binary classifier that receives unlabeled authenticsamples from the training data or fake samples generatedby the generative model, G. The generative modelcreates fake samples based on a function with randomseed input, and the parameters in G. The discriminativemodel assigns a probability from zero to one based onits perception of whether the sample is fake (0.0) orauthentic (1.0). The value function that describes thisrelationships from the original work by Goodfellow [22]is given by
minG
maxD
V (D,G) = Ex∼pdata(x)[logD(x)]
+ Ez∼pz(z)[log(1−D(G(z)))]
(4)
where D(x ) is the probability that x came from thedata distribution pdata(x ) containing authentic trainingsamples, and D(G(z )) is the estimate of the probabilitythat the discriminator incorrectly identifies the fakeinstance as authentic. The generator network attemptsto maximize D(G(z )), while the discriminator networktries to minimize it. The generator creates samples,G(z ), based on the parameter values in G andthe random seed values z provided to the generatorconsistent with pz (z ). Adversarial data, the output ofthe generator, is not random, however the generatormakes use of random data to produce an output. Thegenerator output is shaped by the parameters of thegenerator and the binary cross entropy loss based onthe discriminator output when the generator createssamples.
With semi-supervised learning, a small percentageof the training data is labeled, and instead of usinga binary classifier, the discriminator is a multi-classclassifier. For N classes, the model requires N + 1outputs to account for all the authentic classes plusone additional class for the fake generated class. Thiscan be implemented in a variety of ways. FollowingSalimans et al. [27], we can build an N -class classifiernetwork, C, with output logits {l1, l2, . . . , lN} priorto the softmax activation for C. The logits vectoris then used as the input to the activation function
for D, which is given as D(x) = Z(x)Z(x)+1 , where
Z(x) =∑Nn=1 exp[ln(x)]. Because D and C share the
same weights, both networks act as a single network,D/C, that is updated during backpropagation based ontheir respective loss functions, J (D) and J (C). Thegenerator loss function is given by J (G).
Fig. 2 shows a functional depiction of a SGAN intraining. The training dataset is partially labeled andprovided to the D/C model for classification by C.The remainder of the training dataset as well as thegenerated samples from G are used as input to D/C fordiscrimination where D will predict whether the sample
Figure 2. Training a semi-supervised generative
adversarial network with N classes.
Page 7039
came from the training dataset or if it was created by G.
4. The DeepMIMO dataset
Using the Remcom Insite ray-tracing tool [10],Alkhateeb developed the DeepMIMO dataset generationframework [9]. The framework allows researchersto tailor parameters in a MATLAB [28] program tosuit the need of their machine learning based wirelessapplication. This section discusses the setting we use toobtain our training and testing data, and the parameterswe selected for our model.
4.1. Target data and labels
The target data for our proposed SGAN is thereceived 4× 4 MIMO CSI from a transmitter to 14distinct user locations, {User0, User1, . . . , User13},across 16 subcarriers. The transmitter and receiversoperate at 60 GHz using 512 OFDM subcarriers.Each of the 16 pilot subcarriers are evenly spaced 32subcarriers apart. A single target sample consists of 256complex numbers, accounting for 16 CSI elements ineach of their respective 16 subcarriers.
For each CSI target sample created in the dataset,there is an accompanying target label, denoting the user.During training, the goal for the SGAN classifier will beto differentiate among the legitimate users. The SGANdiscriminator will attempt to categorize these legitimateusers as “Real”, and categorize the generator-createdsamples as “Fake”.
During testing for the discriminator, an additionaluser, representing a malicious actor will be addedto the test dataset. The discriminator will nothave seen this data during testing, but will need toidentify samples from the malicious user’s CSI as“Fake” to prevent authentication. The classifier willattempt to assign the correct label for each user’sCSI from the test dataset, however the classifier willnot be exposed to the malicious user’s CSI, sincein application, the discriminator would have alreadyprevented authentication.
4.2. DeepMIMO scenario
The setting used for the scenario is denoted “O1”and is described in detail in [9]. The “O1” scenariois an outdoor urban setting with a variety of possibletransmitter base station locations and user locations onthe streets surrounded by buildings of various heights.Fig. 3 shows the position of the 14 legitimate usersdenoted by blue circles and the red square indicatingthe malicious user in the white patch above the “UserGrid 3” label. Base station 7 (BS7) is the transmitter for
Figure 3. DeepMIMO scenario “O1”. After [9]
.
Table 1. DeepMIMO dataset parametersBase Station 7First row of users 4528Last row of users 4531Center frequency 60 GHzAntenna spacing 1 wavelengthSystem bandwidth 8.64 GHzOFDM channels 512OFDM channel interval 32Number of paths 3
our case, circled in white and is across the intersectionfrom the users. Both streets are 40 m wide, and theuser positions are centered in the street going in theX direction and 7 m from the street going in the Ydirection. There are 10 cm between adjacent users, andeach user as well as BS7 has four antennas.
4.3. DeepMIMO parameters
The parameters chosen were made to emulateadvanced wireless communication technologies, butthey are not intended to model any specific standard.Table 1 summarizes the parameters used. Advancedtechnologies refers to communications systems usingmillimeter wavelengths and multiple antennas fortransmitting and receiving signals. We believe that suchdevices will become adopted and more commonplacein the future. While the parameters chosen do notmatch any particular technology, they are analogous tothose described by IEEE standards recently released orcurrently in draft.
5. System model
We consider a 4× 4 wireless MIMOcommunications channel using 512 OFDM subchannelswith 16 pilots. There are 14 trusted users and someunknown number of untrusted users, some of thelatter group are malicious adversaries. The adversarieshave resources available to change their antenna
Page 7040
characteristics, transmitter RF path timing, outputpower, and/or present reflectors between themselvesand the receiver. Thus, they are able to change theirCSI as measured by the receiver and may have anaccomplice receiver to provide feedback as describedby Shi et al. in [29]. Although the adversaries have theability to change their CSI, they do not have accurateadvanced knowledge of the CSI required to spoofthe user. A user becomes a victim if the maliciousadversary is able to create CSI that is authenticated asthe transmitter by the user.
To defeat this scenario, the discriminative modelat the receiver is trained by a generative modelthat creates authentic looking CSI samples. Bytraining with increasingly high quality “fake” samples,the discriminative network learns the features oftransmitters that should be authenticated and the featuresof those that should not be authenticated. Parallel to theadversarial training between D and G, the classifier, C,learns the correct labels assigned to the 14 trusted users.
During an initial authentication session by othermeans, the pilot subcarriers from the transmitters aremeasured and recorded for training the SGAN. Initiallyauthenticating by other means, higher protocol layersare used, however for subsequent packet transfers,authenticating at the physical layer reduces the workloadon these higher-layer protocols as discussed in [30].An attack during the initial authentication is certainlya vulnerability, but corruption in the training data maycause authentication to fail shortly after communicationbegins. This is an aspect to be explored in futureresearch.
The classifier provides identification only afterthe discriminator successfully authenticates. Thediscriminator authenticates when a sample is assessedto be “Real”. The discriminator may make an incorrectauthentication decision (denying authentication whenthe sample is “Real” or authenticating when the samplewas actually faked), therefore we explored how SNR canaffect discriminator accuracy.
5.1. SGAN architecture
The adversarial competition in the SGAN isa minimax game described by (4) where thediscriminative model attempts to correctly identifyauthentic training samples from a distribution producedby CSI matrix elements, pdata(hn,m), and fake trainingsamples created by the generator.
As D and G adversarially train each other, theylearn to improve their individual performance. Whenthe discriminative model correctly identifies fakesamples created by the generative model, the generative
network will update its parameter weights throughbackpropagation to make more realistic samples.Likewise, the discriminative model will update itsparameter weights when it incorrectly identifies realor fake samples. The results of this training are agenerator neural network adept at creating data thatclosely mimics training data, a discriminator neuralnetwork that can identify all but the best fakes, anda classifier neural network that can determine whichtrusted transmitter produced the received CSI.
Additionally, C is trained on labeled samples fromthe training dataset. Although C does not directlyreceive unlabeled authentic or fake samples, the weightsof C are affected since it shares weights with D in theD/C implementation.
Best practices from GAN researchers [31] wereused to create the SGAN. The architecture for thediscriminator and classifier was chosen to enable featureextraction from the input tensor. A reverse architecturewas used for the generator to create realistic-lookingsamples.
5.2. Discriminative Model
The discriminator estimates the probability that asample came from the training data, rather than thegenerator. When training begins, the discriminatorwon’t know pdata(x ), so the accuracy of correctlyassigning authentic and fake samples will be near 0.5.The accuracy will increase with more iterations ofsamples and backpropagation as the authentic datadistribution is learned until the generator networkcreates samples such that the fake sample distribution,pg(z ) optimally matches pdata(x ). At this point,the accuracy of correctly assigning authentic andfake samples will return to 0.5 since for theoptimal discriminator D∗, and fixed generator, G,
D∗G(x) = pdata(x)pdata(x)+pz (z)
. When pdata(x ) = pz (z ),
D∗G(x) = 0.5. [22]
5.3. Generative Model
Without having direct access to pdata(x ), thegenerator attempts to capture this distribution throughfeedback based on the probabilities the discriminatorassigns to generated fake samples [22]. The weights ofthe generator network are updated via the loss functionJ (G) so that the generator will create better samples.
5.4. Classifier Model
The classifier shares all but the final activation layerwith the discriminator and is trained to determine which
Page 7041
of the 14 trusted transmitters will be authenticated. Theweights of D/C are iteratively updated as D and C aretrained.
6. Simulation
This section describes the simulation of the systemmodel from Section 5. The dataset for the SGAN isdescribed and results are presented.
6.1. Dataset
A dataset of 224,000 authentic samples was created,where each sample was a 4× 4× 16 complex tensor.The training dataset was allocated 70% of the greaterdataset, while the remaining 30% was set aside fortesting. Every sample started as a position-dependent4× 4× 16 tensor created by the DeepMIMO dataset.For each of the samples, 1,000 additional samples ofmeasurement error in the form of 16 different levels ofSNR were generated. Simulating thermal noise in thereceiver, decreasing amounts of AWGN were combinedwith the original signal to produce the 16 different levelsof SNR ranging from -10 dB to 20 dB in steps of 2 dB.This was inspired by the technique used by O’Shea et al.to create distortion for the modulation classification taskin [24], except we used MATLAB instead of Python andGNU Radio libraries.
The SGAN processed 16 subcarriers in a MIMO4× 4 configuration with 14 trusted transmitters.Therefore, the classifier model would need to have16× 16 complex inputs and 1 real output for eachtransmitter label. However, we separated the realand imaginary parts for processing through theneural networks, resulting in inputs tensors of shape16× 2× 16. The discriminative model also has inputsof shape 16× 2× 16 and 1 real output denoting “Real”or “Fake”, while the generative model has 1 real inputand 16× 2× 16 outputs. Additionally, the values ofthe real and imaginary parts are preprocessed to scale[−1, 1] to allow for the tanh activation function range inthe generator network as mentioned in the Section 6.2.
To mimic the malicious user’s attempt to fool alegitimate user, CSI is generated for a user position inthe center of the group of legitimate users, as shown inFig. 3. This sample is preprocessed as before, to includecreating 1,000 samples of 16 different levels of SNR.These samples are then added to the testing dataset,remaining unknown to the SGAN until testing followingthe completion of training.
6.2. SGAN development
The SGAN was implemented using the Pythonprogramming language, Keras [32] front-end, andTensorflow [33] back-end. Additionally, Numpy, andMatplotlib Python libraries were used. The dataset wascreated using MATLAB and Python.
The discriminator/classifier network, D/C, is adense or fully connected deep neural network (DNN)with 16 inputs of size 2× 16 merged into oneConcatenated layer. Each input has 2 nodes toaccommodate the real and imaginary parts of thecomplex CSI matrix element. Nine additional fullyconnected layers with LeakyReLU activations (alpha= 0.3) follow. All hidden layers use Dropout of 0.5to prevent overfitting. Prior to the output layers,a fully connected layer of 14 is used to capturethe number of transmitters to be classified. Thediscriminator output layer of size 1 is fully connected
and uses a custom activation D(x) = Z(x)Z(x)+1 , where
Z(x) =∑Nn=1 exp[ln(x)] to provide values [0.0, 1.0) as
discussed in Section 3. The classifier output is a softmaxactivation connected to the 14 node layer. The learningrate forD/C was 0.00009 using the Adam [34] optimizerand training was done with batches of 128 samples.
The generator network, G, has a single inputwith 5 nodes fully connected to the first hidden layer ofsize 16. Seven additional hidden layers are again fullyconnected using LeakyReLU (alpha = 0.3). The lasthidden layers are 16 fully connected layers of size 32followed by tanh activations. Finally, the output isreshaped to produce 16 output layers of size 2× 16.The learning rate for G was 0.00009 using the Adamoptimizer.
6.3. Results
Training was conducted over the course of 20epochs. Of the 156,800 samples in the training dataset,just over 10% (15,988) were labeled. These labeledsamples trained the classifier to identify the legitimateuser. When selecting the labeled samples, care wastaken to ensure an equal distribution of samples foreach of the 14 legitimate users, however the SNRlevels in the samples for each of the users was left tochance. All the training samples as well as those createdby the generator were used to train the discriminator.Following training, the classifier and discriminatornetworks and their respective weights were saved. Fortesting, the classifier and discriminator networks andweights were reloaded and presented with the testdataset.
Page 7042
(a) SNR = -10 dB (b) SNR = -4 dB
(c) SNR = 2 dB (d) SNR = 4 dB
Figure 4. SGAN dense discriminator performance
with SNR levels at (a) -10 dB, (b) -4 dB, (c) 2 dB,
(d) 4 dB.
The test dataset for the discriminator containedadditional samples associated with the malicious user.Figs. 4 and 5 show that the discriminator performswell for SNR levels greater than 2 dB. The confusionmatrices in Fig. 4 show the discriminator labeled themalicious user’s CSI as “Real” for low SNR levels,but gradually began to correctly categorize them as“Fake” as the SNR level increases. At each SNR level,there are 1,000 “Fake” samples, however the numberof “Real” samples varies slightly due to the randomsplit of the original dataset into training and testingcomponents. For authentication, if there is an error it islikely more favorable to have a false negative rather thana false positive. Although this can be frustrating for theauthentic user denied authentication and result in lowerthroughput rates because of restarting the authenticationprocess, malicious users are kept out of the system.
The SGAN-trained densely connected discriminatorwas accurately able to differentiate “Real” from “Fake”at SNR values above 4 dB. This result shows thelimitations of the SGAN approach. The quality ofthe generator is one aspect that determines how wellthe discriminator will perform. Training a traditionalstandalone neural network to differentiate “Real” from“Fake” without a robust generator requires “Fake”
Figure 5. SGAN dense discriminator accuracy vs
SNR
(a) SNR = -10 dB (b) SNR = -4 dB
Figure 6. SGAN dense classifier performance with
SNR levels at (a) -10 dB, (b) -4 dB.
(a) SNR = -10 dB (b) SNR = 20 dB
(c)
Figure 7. SGAN CNN discriminator performance for
(a) -10 dB, (b) 20 dB, (c) -10 dB to 20 dB.
samples from another source. While this can beobtained, it is likely not feasible to sample everypossible fake CSI sample. The SGAN does not needthese negative examples because it creates its own andstill performs well provided a sufficient SNR.
The test dataset without the CSI samples from themalicious user was then used to obtain the performancefor the classifier. As shown in Fig. 6, the confusionmatrices indicate accurate classification performanceeven at low SNR values. Accuracy is measured bydividing the correctly classified samples by the sumof the correctly and incorrectly classified samples.Fig. 6(a) shows that the classifier attained classificationaccuracy above 90% for most of the users at -10 dBSNR, and Fig. 6(b) shows 100% accuracy at -4 dB SNR.
6.4. Additional networks
To compare the performance of the SGAN denseclassifier, we constructed three additional networks.First, we used another SGAN classifier, but useconvolutional layers instead of fully connected layers.This gives us a SGAN convolutional neural network
Page 7043
Figure 8. Classifier accuracy vs SNR.
(CNN) classifier. Next, instead of training in aSGAN architecture, we created a standalone denseclassifier. This classifier uses the same parameters asour SGAN dense classifier, C. Finally, we implementeda standalone CNN classifier, using the same parametersof the SGAN CNN classifier.
By training the SGAN CNN classifier we alsotrained a SGAN CNN discriminator. Unfortunately theCNN discriminator did not perform as well as the SGANdense discriminator. As shown in Fig. 7, the CNNdiscriminator did not correctly identify all the legitimateusers as “Real”. However, at all SNR values, the CNNwas able to identify the malicious user CSI as “Fake”, sothere may be a use case where this is desirable behavioreven though it prevents some number of users fromsuccessfully authenticating when they should.
Fig. 8 shows the results of the various classifiertesting after training. All the neural networksreach 100% accuracy with sufficient SNR. Thestandalone dense classifier trained for 125 epochs andobtained almost 100% accuracy for all SNR levelsexcept -10 dB. At -10 dB, the standalone dense classifierwas 99.929% accurate. The standalone CNN classifiertrained for 667 epochs and had very similar performanceto the SGAN dense classifier. Finally, the SGAN CNNclassifier trained for 30 epochs, and lagging the others,reached 100% accuracy at 6 dB.
Where the discriminators were not able todifferentiate between legitimate and generator-producedsamples with increased noise levels, the classificationresults show that the classifiers are able to differentiateamong users at these same SNR values. The reason forthis is that the generators’ samples at low SNR closerapproximate the sample distribution from the authenticdataset, making training difficult for the discriminators.Contrast with the classifiers’ training where they onlyreceive samples from the dataset and learns the featuresrelevant to the 14 transmitters’ CSI.
7. Conclusion and future work
We showed how the use of a SGAN can beused to discriminate and classify transmitters by
multiple-subcarrier MIMO CSI as a method to providephysical layer authentication. Our simulation resultsillustrated that with a very small percentage oflabeled CSI samples, accurate discrimination betweenlegitimate and adversary transmitters as well asclassification can be made with a SGAN dense classifierfor SNR values greater than 4 dB. An adversary mayachieve a high degree of accuracy when spoofing alegitimate transmitter, but by retaining the magnitudeand phase of the CSI elements, we have shown that oursystem can differentiate transmitter CSI from positions10 cm apart.
We saw that the SGAN-trained classifiers requiredless epochs to train, however the standalone denseclassifier had the best performance overall. However,the standalone classifiers only classify legitimatetransmitters, while the SGAN is able to first discriminateand then classify. We explored the use of a GAN-trainedclassifier to discover if this is a more accurate methodfor classification based on CSI at varying SNR levels.Future research includes interference by an adversaryduring the authentication process where the originaltraining dataset would be built. Additionally, weintend to explore transfer learning from a SGAN-trainedclassifier to a standalone network in an attempt to reducethe training time of the standalone classifer, whileincreasing overall performance.
References
[1] R. Fantacci, L. Maccari, T. Pecorella, andF. Frosali, “Analysis of secure handover for IEEE802.1x-based wireless ad hoc networks,” IEEE WirelessCommunications, vol. 14, no. 5, pp. 21–29, Oct. 2007.
[2] X. Wang, P. Hao, and L. Hanzo, “Physical-layerauthentication for wireless security enhancement:current challenges and future developments,” IEEECommunications Magazine, vol. 54, no. 6, pp. 152–158,Jun. 2016.
[3] D. Fang, Y. Qian, and R. Q. Hu, “Security for 5GMobile Wireless Networks,” IEEE Access, vol. 6, pp.4850–4874, 2018.
[4] F. Meneghello, M. Calore, D. Zucchetto, M. Polese, andA. Zanella, “IoT: Internet of Threats? A Survey ofPractical Security Vulnerabilities in Real IoT Devices,”IEEE Internet of Things Journal, vol. 6, no. 5, pp.8182–8201, Oct. 2019.
[5] A. Odena, “Semi-Supervised Learning with GenerativeAdversarial Networks,” arXiv:1606.01583 [cs, stat],Oct. 2016, arXiv: 1606.01583. [Online]. Available:http://arxiv.org/abs/1606.01583
[6] A. C. Polak, S. Dolatshahi, and D. L. Goeckel,“Identifying Wireless Users via TransmitterImperfections,” IEEE Journal on Selected Areas inCommunications, vol. 29, no. 7, pp. 1469–1479, Aug.2011.
[7] N. Al Khanbashi, N. Al Sindi, S. Al-Araji, N. Ali,Z. Chaloupka, V. Yenamandra, and J. Aweya, “Real
Page 7044
time evaluation of RF fingerprints in wireless LANlocalization systems,” in 2013 10th Workshop onPositioning, Navigation and Communication (WPNC),Mar. 2013, pp. 1–6.
[8] L. Xiao, L. Greenstein, N. Mandayam, and W. Trappe,“A Physical-Layer Technique to Enhance Authenticationfor Mobile Terminals,” in 2008 IEEE InternationalConference on Communications, May 2008, pp.1520–1524, iSSN: 1550-3607, 1938-1883.
[9] A. Alkhateeb, “DeepMIMO: A Generic Deep LearningDataset for Millimeter Wave and Massive MIMOApplications,” in Proc. of Information Theory andApplications Workshop (ITA), San Diego, CA, Feb. 2019.
[10] Remcom, “Wireless InSite,”https://www.remcom.com/wireless-insite.
[11] L. Xiao, L. Greenstein, N. Mandayam, and W. Trappe,“Fingerprints in the Ether: Using the PhysicalLayer for Wireless Authentication,” in 2007 IEEEInternational Conference on Communications, Jun.2007, pp. 4646–4651.
[12] K. Yu and B. Ottersten, “Models for MIMO propagationchannels: a review,” Wireless Communications andMobile Computing, vol. 2, no. 7, pp. 653–666, 2002.[Online]. Available: https://onlinelibrary.wiley.com/doi/abs/10.1002/wcm.78
[13] W. C. Jakes, Ed., Microwave mobile communications,nachdr. ed., ser. An IEEE Press classic reissue. NewYork, NY: IEEE Press [u.a.], 1995, oCLC: 249569885.
[14] A. Goldsmith, Wireless Communications. CambridgeUniversity Press, Aug. 2005.
[15] Y. Chapre, A. Ignjatovic, A. Seneviratne, and S. Jha,“CSI-MIMO: Indoor Wi-Fi fingerprinting system,” in39th Annual IEEE Conference on Local ComputerNetworks, Sep. 2014, pp. 202–209, iSSN: 0742-1303.
[16] C. Nerguizian, C. Despins, and S. Affes, “Geolocationin mines with an impulse response fingerprintingtechnique and neural networks,” in IEEE 60th VehicularTechnology Conference, 2004. VTC2004-Fall. 2004,vol. 5, Sep. 2004, pp. 3589–3594 Vol. 5, iSSN:1090-3038.
[17] J. Xiao, K. Wu, Y. Yi, and L. M. Ni, “FIFS:Fine-Grained Indoor Fingerprinting System,” in2012 21st International Conference on ComputerCommunications and Networks (ICCCN), Jul. 2012, pp.1–7, iSSN: 1095-2055.
[18] X. Wang, L. Gao, S. Mao, and S. Pandey, “CSI-BasedFingerprinting for Indoor Localization: A Deep LearningApproach,” IEEE Transactions on Vehicular Technology,vol. 66, no. 1, pp. 763–776, Jan. 2017.
[19] Q. Wang, H. Li, D. Zhao, Z. Chen, S. Ye, and J. Cai,“Deep Neural Networks for CSI-Based Authentication,”IEEE Access, vol. 7, pp. 123 026–123 034, 2019,conference Name: IEEE Access.
[20] R.-F. Liao, H. Wen, J. Wu, F. Pan, A. Xu, Y. Jiang,F. Xie, and M. Cao, “Deep-Learning-Based PhysicalLayer Authentication for Industrial Wireless SensorNetworks,” Sensors (Basel, Switzerland), vol. 19, no. 11,May 2019. [Online]. Available: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6603790/
[21] F. Pan, Z. Pang, M. Luvisotto, X. Jiang, R. N.Jansson, M. Xiao, and H. Wen, “Authentication Basedon Channel State Information for Industrial WirelessCommunications,” in IECON 2018 - 44th AnnualConference of the IEEE Industrial Electronics Society,Oct. 2018, pp. 4125–4130.
[22] I. J. Goodfellow, J. Pouget-Abadie, M. Mirza,B. Xu, D. Warde-Farley, S. Ozair, A. Courville,and Y. Bengio, “Generative Adversarial Nets,” inProceedings of the 27th International Conference onNeural Information Processing Systems - Volume 2,ser. NIPS’14. Cambridge, MA, USA: MIT Press,2014, pp. 2672–2680, event-place: Montreal, Canada.[Online]. Available: http://dl.acm.org/citation.cfm?id=2969033.2969125
[23] T. J. O’Shea, T. Roy, N. West, and B. C. Hilburn,“Physical Layer Communications System DesignOver-the-Air Using Adversarial Networks,” in 2018 26thEuropean Signal Processing Conference (EUSIPCO),Sep. 2018, pp. 529–532.
[24] T. J. O’Shea, J. Corgan, and T. C. Clancy, “ConvolutionalRadio Modulation Recognition Networks,” inEngineering Applications of Neural Networks, ser.Communications in Computer and Information Science,C. Jayne and L. Iliadis, Eds. Cham: SpringerInternational Publishing, 2016, pp. 213–226.
[25] M. Li, G. Liu, S. Li, and Y. Wu, “Radio ClassifyGenerative Adversarial Networks: A Semi-supervisedMethod for Modulation Recognition,” in 2018 IEEE 18thInternational Conference on Communication Technology(ICCT), Oct. 2018, pp. 669–672, iSSN: 2576-7828.
[26] D. Roy, T. Mukherjee, M. Chatterjee, E. Blasch,and E. Pasiliao, “RFAL: Adversarial Learning forRF Transmitter Identification and Classification,”IEEE Transactions on Cognitive Communications andNetworking, pp. 1–1, 2019.
[27] T. Salimans, I. Goodfellow, W. Zaremba, V. Cheung,A. Radford, and X. Chen, “Improved Techniquesfor Training GANs,” in Advances in NeuralInformation Processing Systems 29, D. D. Lee,M. Sugiyama, U. V. Luxburg, I. Guyon, andR. Garnett, Eds. Curran Associates, Inc., 2016, pp.2234–2242. [Online]. Available: http://papers.nips.cc/paper/6125-improved-techniques-for-training-gans.pdf
[28] MATLAB, version 9.6.0.1072779 (2019a). Natick,Massachusetts: The Mathworks Inc., 2019.
[29] Y. Shi, K. Davaslioglu, and Y. E. Sagduyu, “GenerativeAdversarial Network for Wireless Signal Spoofing,” inProceedings of the ACM Workshop on Wireless Securityand Machine Learning - WiseML 2019. Miami, FL,USA: ACM Press, 2019, pp. 55–60. [Online]. Available:http://dl.acm.org/citation.cfm?doid=3324921.3329695
[30] L. Xiao, A. Reznik, W. Trappe, C. Ye, Y. Shah,L. Greenstein, and N. Mandayam, “PHY-AuthenticationProtocol for Spoofing Detection in Wireless Networks,”in 2010 IEEE Global Telecommunications ConferenceGLOBECOM 2010, Dec. 2010, pp. 1–6.
[31] S. Chintala, “How to train a GAN,” NIPS 2016Workshop on Adversarial Training, 2016. [Online].Available: https://github.com/soumith/ganhacks,https://www.youtube.com/watch?v=myGAju4L7O8
[32] F. Chollet, et al., Keras, 2015. [Online]. Available:https://keras.io
[33] M. Abadi, et al., “TensorFlow: Large-Scale MachineLearning on Heterogeneous Systems,” 2015. [Online].Available: https://www.tensorflow.org/
[34] D. P. Kingma and J. Ba, “Adam: A Methodfor Stochastic Optimization,” arXiv:1412.6980 [cs],Jan. 2017, arXiv: 1412.6980. [Online]. Available:http://arxiv.org/abs/1412.6980
Page 7045